
vlan trunking native vlan 1 issue

sejamc71
Level 1

5 years ago, prior to me being here, the company deployed 2960s switches to a remote plant. They left everything on VLAN 1. VLAN 1 is acting as the management and the data VLAN. Now, they want to introduce another VLAN. On the router, it is subinterface VLAN gi0/1.1. Now they want to introduce another VLAN. I created subinterface gi0/1.501 on the router, created VLAN 501 on the switch, and made the uplink port on the switch a trunk port. The problem is that I am not able to pass traffic when the port is in a trunk state, and I read that there is a limitation of the 2960 switches in that it does not support the feature of tagging the native VLAN. Ideally, I would introduce a separate management VLAN, then I would be able to pass traffic from different VLANs, but it looks like, since VLAN 1 is the native and used for data, I can't pass traffic from other VLANs when the port is in a trunk port configuration. Does this sound right to some of you?

router Config

interface GigabitEthernet0/1.1
encapsulation dot1Q 1
ip address 10.100.9.1 255.255.255.0
no ip redirects
ip flow ingress
ip flow egress
!

interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 10.100.30.1 255.255.255.0
no ip redirects
ip flow ingress
ip flow egress
!

interface GigabitEthernet0/1.501
description MBPLC2
encapsulation dot1Q 501
ip address 10.100.10.1 255.255.254.0
no ip redirects
ip flow ingress
ip flow egress
!

 

Switch

interface GigabitEthernet1/0/49

description RTR01_Uplink
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast disable
spanning-tree bpduguard disable
!

interface GigabitEthernet1/0/1
description Cisco Voice/Data Port
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
no snmp trap link-status
spanning-tree portfast trunk
spanning-tree bpduguard enable
ip dhcp snooping limit rate 100
!

 

 


Hello,

 

add the 'native' keyword:

 

interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.100.9.1 255.255.255.0
no ip redirects
ip flow ingress
ip flow egress

Sorry, it's in there, it just didn't paste correctly.

Not sure why, but it did not paste correctly. VLAN 1 is native, but in a trunking configuration on the switch, anything not on VLAN 1 is unable to ping 10.100.30.1 or 10.100.10.1. Gateway on switch is 10.100.9.1 - VLAN 1

 

router Config

interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.100.9.1 255.255.255.0
no ip redirects
ip flow ingress
ip flow egress
!

interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 10.100.30.1 255.255.255.0
no ip redirects
ip flow ingress
ip flow egress
!

interface GigabitEthernet0/1.501
description MBPLC2
encapsulation dot1Q 501
ip address 10.100.10.1 255.255.254.0
no ip redirects
ip flow ingress
ip flow egress
!

Hi @sejamc71 ,

 

Can you share the current configuration of the switch, of the vlan1 interface?

 

Regards

Here is the configuration of interface VLAN 1, all interfaces are configured like gi1/0/1, uplink port to router gi1/0/49 and the default gateway. Hope that helps.

 

interface Vlan1
ip address 10.100.9.5 255.255.255.0

!

interface GigabitEthernet1/0/1
description Cisco Voice/Data Port
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
no snmp trap link-status
spanning-tree portfast trunk
spanning-tree bpduguard enable
ip dhcp snooping limit rate 100
!

interface GigabitEthernet1/0/49
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast disable
spanning-tree bpduguard disable
!

ip default-gateway 10.100.9.1

 

 

Hello,

 

I assume below is the configuration which connects to one of your end devices? What are you trying to accomplish, have this interface pass traffic on VLAN 1?

 

interface GigabitEthernet1/0/1
description Cisco Voice/Data Port
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
no snmp trap link-status
spanning-tree portfast trunk
spanning-tree bpduguard enable
ip dhcp snooping limit rate 100

 

 

You can create a dummy VLAN on the switch, e.g. VLAN 666.
On the trunk ports on the switch, add:
switchport trunk native vlan 666

On the router, remove the native from the vlan 1 interface.

May help but slightly unsure what you are trying to achieve.

We have vlan 1 with IP 10.100.9.1, vlan 30 with ip 10.100.30.1 and vlan 501 with IP 10.100.10.1 on the router as subinterfaces to gi0/1. On the switch, we have vlan 1, vlan 30 and vlan 501 with a gateway pointing to vlan 1 on router. If a host with an IP address on vlan 501 - 10.100.10.1 connects to the switch port, which as you can see is in trunk config, it is not able to ping 10.100.10.1, or 10.100.9.1 or 10.100.30.1 unless I config the port as an access port. I read that this is because they are using VLAN 1 as both management and data and it will be unable to untag traffic in a trunk config and will only pass traffic on the native vlan.

 

If I make the port an access port, either on vlan 1, or vlan 30 or vlan 501, I can pass traffic to all 3 VLANs. I just don't want to have to manually move the port to the correct VLAN when they want to connect a device on a different VLAN.

Does that make sense?

I am unable to do that as this is a remote switch, with LAN Base licensing, and they are using VLAN 1 for management. So as soon as I start to change VLAN 1, I'd lose connectivity.

If this is a remote switch with management IP on VLAN 1, as soon as I make a change, I will lose connectivity to the switch
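
Added example, not part of the thread or of any poster's configuration: a small Python audit of IOS-style interface stanzas that shows which VLAN an untagged frame from a host lands in (the native VLAN on a trunk port, the access VLAN on an access port) and flags trunk settings worth reviewing. The function names `parse_ports`, `untagged_vlan` and `findings` and the Gi1/0/2 access stanza are assumptions made for illustration.

```python
import re

# Constructed sample: trunk ports as in the thread plus a hypothetical access port.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 501
!
interface GigabitEthernet1/0/49
 switchport mode trunk
 spanning-tree portfast disable
"""

PATTERNS = [("mode", r"switchport mode (access|trunk)"),
            ("native", r"switchport trunk native vlan (\d+)"),
            ("access", r"switchport access vlan (\d+)"),
            ("allowed", r"switchport trunk allowed vlan (\S+)"),
            ("edge", r"spanning-tree portfast(?! disable)")]

def parse_ports(config):
    """Return {interface: settings}; defaults: native/access VLAN 1, all VLANs allowed."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ports[m.group(1)] = {"mode": None, "native": "1",
                                       "access": "1", "allowed": "all", "edge": False}
        elif line == "!":
            cur = None  # end of stanza; global lines must not attach to a port
        elif cur is not None:
            for key, pat in PATTERNS:
                if m := re.match(pat, line):
                    cur[key] = m.group(1) if m.groups() else True
    return ports

def untagged_vlan(port):
    """VLAN that an untagged ingress frame (an ordinary host NIC) lands in."""
    return int(port["native"] if port["mode"] == "trunk" else port["access"])

def findings(ports):
    """Flag host-facing trunks and trunks carrying every VLAN with native VLAN 1."""
    trunks = {n: p for n, p in ports.items() if p["mode"] == "trunk"}
    edge = [(n, "host-facing trunk") for n, p in trunks.items() if p["edge"]]
    wide = [(n, "native VLAN 1, no allowed-vlan list") for n, p in trunks.items()
            if p["native"] == "1" and p["allowed"] == "all"]
    return edge + wide
```

On the sample, a host on Gi1/0/1 is classified into VLAN 1 while the same host on the access port Gi1/0/2 is classified into VLAN 501.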